10-Step Security and Vulnerability Assessment Plan - Slide 11

Violations of any of the constraints of the established policies or procedures should be considered a security breach and, depending on the nature of the violation, various sanctions need to be applied. Such sanctions may include a written reprimand for a minor breach, suspension for multiple minor breaches or a major breach, or termination for multiple major breaches.

A security assessment is conducted to determine the degree to which information system security controls are correctly implemented, whether they are operating as intended, and whether they are producing the desired level of security. A vulnerability assessment is conducted to determine the weaknesses inherent in the information systems that could be exploited, leading to a breach of the information system. Without security and vulnerability assessments, information systems may not be as secure as intended or desired.

A security assessment policy should apply to all information systems and information system components of a given company. Specifically, it includes:

Mainframes, servers and other devices that provide centralized computing capabilities.

SAN, NAS and other devices that provide centralized storage capabilities.

Desktops, laptops and other devices that provide distributed computing capabilities.

Routers, switches and other devices that provide network capabilities.

Security and vulnerability assessments should be performed against all information systems on a pre-determined, regularly scheduled basis. While both security and vulnerability assessments may be performed by internal staff on an ongoing basis, it is recommended that third parties be retained periodically to ensure appropriate levels of coverage and oversight.

Info-Tech Research Group has developed the following outline for conducting a thorough assessment. You can also download their Security Assessment Policy at no cost from the IT Business Edge Knowledge Network.
